- Legitimate platforms like online gaming services are a breeding ground for hackers, with in-game currencies and micro-transactions putting a target on the gaming industry’s back
- Online games have also provided a testing ground for hackers keen to test their malware on unsuspecting players
Hackers taking advantage of social networks like LinkedIn is nothing new in this era of platform criminality. But despite major breaches like Sony, one platform often overlooked as a target for cybercriminals are popular video games. Online games, such as Fortnite, have exploded in popularity over the last year, with the title recently reporting 125 million downloads.
This popularity hasn’t gone unnoticed in the darker corners of the web and there have been rising concerns around the presence of hackers, with many players reporting that their accounts have been compromised. But why is this significant, and what is it about online games that cybercriminals find so appealing?
In-game currencies and micro-transactions have put a target on the gaming industry
One of the biggest reasons online gaming has become a target for cybercriminals is the fact that many online games rely on in-game purchases. The growing use of in-game currency and micro-transactions has attracted hackers seeking to hijack these payments. Routes to exploit players also include creating fake promotions and items to trick users into buying and downloading malware. Additionally, hackers would be looking to steal payment details from players who make these in-game purchases. My Web of Profit research uncovered that just 50 stolen credit cards could yield revenues of $250,000 to $1 million to the criminals who stole them.
The proliferation of in-game purchases and micro-currencies has also provided a platform that criminals can manipulate to launder the spoils of previous criminal activities. Several online forums have been found discussing how to use multi-player games, including Clash of Clans and World of Warcraft, to launder the proceeds of cybercrime and other criminal actions.
While the possibility of encountering cybercriminal activity during an innocent game of Fortnite may feel very low to most players, research has shown that the problem is far more widespread than most expect, with 1 in 5 gamers falling victim to gaming fraud.
Online gaming – a crèche for hackers?
Minecraft has had problems with malware and hackers since its creation. Earlier this year, nearly 50,000 Minecraft accounts were found to be infected with malware distributed by modified character ‘skins’ which players downloaded from the official site. The malware was uploaded to the game’s official website without detection, raising concerns over the game creators’ efforts to protect players – many of whom are children – from criminal activity.
It is also crucial to recognise that these malware strains may be the beginning of more harmful projects. The infamous Mirai botnet that brought down the internet in 2016 originated on Minecraft. The malware was initially intended to simply create an advantage for the hackers within the game, but it went on to cause damage across the web. This should be taken as a clear warning to clamp down on malware in online gaming, no matter how simplistic it may appear, and to prevent online games from being used as training grounds for future hackers that may later try their hand at attacks against enterprises and government organizations.
Online gaming is part of the interconnected Web of Profit
The plight of individual players may feel far removed from organizations and cybersecurity efforts being made to protect them. But cybercrime is a tangled web and the wider effects of cybercriminals targeting gamers online will be felt later on. Whether in the form of new malware being developed or stolen personal details, the potential threat that these criminal activities pose to gamers should also be applied to the wider world and shouldn’t be overlooked.
The sprawling, highly lucrative cybercrime economy is a formidable opponent, with many parts working in tandem. It’s vital that authorities and cybersecurity experts begin to work together to form a more holistic approach to tackling cybercrime as a whole, not just the parts that feel closest to home. Instead of staying at our gates and waiting for attacks against our networks, we must start venturing out into the threat landscape and fighting cybercriminals on their own turf.
*** This is a Security Bloggers Network syndicated blog from Bromium authored by Dr Michael McGuire. Read the original post at: https://www.bromium.com/how-hackers-exploit-online-games/